DoJ Breaks Russian Military Botnet in Fancy Bear Takedown

February 15, 2024 at 03:50PM

The Department of Justice disrupted a botnet operated by Fancy Bear, a Russian military intelligence (GRU) group. The botnet was built on existing malware installed on Ubiquiti Edge OS routers that still had default passwords, which the GRU used to launch cybercrimes. US law enforcement removed malicious files and urged router users to reset their devices and update passwords. This is the second state-sponsored botnet disruption in two months, and it aims to slow down Russian cyber-espionage efforts.

Key Takeaways:

1. The Department of Justice has successfully disrupted a botnet used by Russian military intelligence for widespread cyber espionage. The botnet consisted of Ubiquiti Edge OS routers that were infected with Moobot malware and repurposed for global espionage.

2. Non-GRU cybercriminals installed the Moobot malware on routers that still had default administrator passwords. GRU hackers then used that malware to install bespoke scripts and files, turning the botnet into a global espionage platform.

3. US law enforcement was able to hack into compromised routers, remove malicious files, and disconnect affected routers from the botnet. Users are urged to complete a factory reset on affected routers and update default administrator passwords.

4. Deputy Attorney General Lisa Monaco highlighted the value of disrupting espionage efforts, noting that this is the second time in two months the DoJ has disrupted a state-sponsored botnet.

5. While the disruption is unlikely to have a significant impact on Russian cyber-espionage operations, there is value in slowing those operations, especially as elections approach.